Network connectivity between Docker containers


1. Pull the busybox image and run it

[root@localhost ~]# docker pull busybox
[root@localhost ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             latest              59788edf1f3e        7 weeks ago         1.15MB
[root@localhost ~]# docker run -it --name docker0 busybox

2. Create two custom bridge networks

[root@localhost ~]# docker network create --driver bridge my_net1
7692dfa81202a0b86e1afdd85a97c6705d72723de6e5203ac398816019878b64
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 my_net2
1ad8fe9fe61eac8bd823e27c5c78fd891e64cf0c29374feabbc41c01b3052ee1

View the networks that were created

[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
24f3426e73e1        bridge              bridge              local
cf3f312b5f34        host                host                local
c7a91b209139        none                null                local
7692dfa81202        my_net1             bridge              local
1ad8fe9fe61e        my_net2             bridge              local

3. Run two containers on different networks and check their IP addresses

[root@localhost ~]# docker run -it --network=my_net1 --name test1 busybox
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever

Open another terminal and check the IP address there

[root@localhost ~]# docker run -it --network=my_net2 --name test2 --ip 192.168.0.88 busybox
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
link/ether 02:42:c0:a8:00:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.88/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever

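At this point the two containers definitely cannot ping each other, because they are not on the same network at all, let alone in the same subnet.
So IP forwarding has to be enabled on the host, and each container also has to be given a new connection to the other's network (which in effect plays the role of a gateway).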

4. Enable IP forwarding on the host

[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1            //add this at the end of the file
[root@localhost ~]# sysctl -p      //make it take effect immediately

5. Attach each container to the other network (test1 and test2 here can be the container name or ID)

[root@localhost ~]# docker network connect my_net1 test2      
[root@localhost ~]# docker network connect my_net2 test1

If you check the IP addresses again now, you will find that each container has gained an extra eth1 interface

6. Test whether the two containers on different networks can ping each other

/ # ping 192.168.0.88
PING 192.168.0.88 (192.168.0.88): 56 data bytes
64 bytes from 192.168.0.88: seq=209 ttl=64 time=0.120 ms
64 bytes from 192.168.0.88: seq=210 ttl=64 time=0.100 ms
64 bytes from 192.168.0.88: seq=211 ttl=64 time=0.086 ms
64 bytes from 192.168.0.88: seq=212 ttl=64 time=0.104 ms
/ # ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=214 ttl=64 time=0.366 ms
64 bytes from 172.18.0.2: seq=215 ttl=64 time=0.071 ms
64 bytes from 172.18.0.2: seq=216 ttl=64 time=0.087 ms
64 bytes from 172.18.0.2: seq=217 ttl=64 time=0.130 ms

The test results show that the two containers can now ping each other
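An added example, not part of the original post: after step 5 both test1 and test2 are attached to my_net1 and my_net2, so the two bridges no longer separate them. The sketch below lists every container attached to more than one network; the function names and the sample input are constructed here, and `live_networks` assumes the `docker network inspect -f` template shown in it.

```shell
#!/bin/sh
# Added example: find containers attached to more than one Docker network.
# Input format (one line per network): "<network> <container> <container> ..."

# Constructed sample describing the state after step 5 of this page.
sample_after_step5() {
cat <<'EOF'
bridge docker0
host
none
my_net1 test1 test2
my_net2 test2 test1
EOF
}

# Produces the same format from a running Docker host (not called by default).
live_networks() {
  docker network inspect \
    -f '{{.Name}} {{range .Containers}}{{.Name}} {{end}}' \
    $(docker network ls -q)
}

# Reads the format above on stdin and prints "<container> <net1>,<net2>,..."
# for each container that appears on two or more networks, sorted by name.
multihomed() {
  awk '
    {
      for (i = 2; i <= NF; i++) {
        if ($i in nets) nets[$i] = nets[$i] "," $1
        else            nets[$i] = $1
        count[$i]++
      }
    }
    END {
      for (c in count)
        if (count[c] > 1) print c, nets[c]
    }
  ' | sort
}

# Offline:  sample_after_step5 | multihomed
# On host:  live_networks | multihomed
```

An empty result means no container bridges two networks; any line printed is a container that can reach, and be reached from, every network listed for it.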

 

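Commands used

List Docker networks: docker network ls

View the Docker IP address: ip a

View bridge devices: brctl show

View a bridge network's configuration: docker network inspect <network name>

Create a bridge network: docker network create --driver bridge <new network name>

(optional flags: --subnet sets the network's subnet, --gateway sets the network's gateway address)

Delete a network: docker network rm <network name>

Create a container on a specified network: docker run -itd --network=<network name> <image name>

(optional flag: --ip sets the container's IP; this requires that the network was created with --subnet)

Attach a network to a specified container: docker network connect <network> <container name/id>

View firewall rules: iptables-save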

Last modification:July 24th, 2020 at 12:04 am